Questions tagged [jose]

JOSE (Javascript Object Signing and Encryption) is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties

The JOSE framework provides a collection of specifications to serve this purpose. A JSON Web Token (JWT) contains claims that can be used to allow a system to apply access control to resources it owns.

One potential use case of the JWT is as the means of authentication and authorization for a system that exposes resources through an OAuth 2.0 model.

Official Website

131 questions

votes

6 answers

JWT on .NET Core 2.0

I've been on quite an adventure to get JWT working on DotNet core 2.0 (now reaching final release today). There is a ton of documentation, but all the sample code seems to be using deprecated APIs and coming in fresh to Core, It's positively…

c# .net-core jwt jose

asked Aug 15 '17 at 04:25

Michael Draper

1,928
3
18
24

votes

2 answers

Invalid Syntax jose.py

I was trying to use jose library for authentication for one of my flask apps. using the import statement as follows from jose import jwt But it throws following An error, Traceback (most recent call last): File…

python jose

asked Dec 02 '20 at 06:00

Gihan Gamage

2,944
19
27

votes

1 answer

What is the difference between JOSE, JWA, JWE, JWK, JWS and JWT?

What is the difference between JOSE, JWA, JWE, JWK, JWS and JWT and how are they related to one another?

jwt jwk jwe jose

asked Oct 30 '22 at 23:55

Marco

5,555
2
17
23

votes

1 answer

alg value for Ed25519?

The RFC7518 has a list of algorithms values used in JWT. However there is no value for EdDSA, such as Ed25519. Also Ed25519 is not accepted as a valid value when verifying in Jose. What is the correct alg value for Ed25519?

jwt jose ed25519

asked Mar 31 '21 at 19:01

user938363

9,990
38
137
303

votes

2 answers

Combining JWE and JWS

Just learning about JOSE and I understand that JWE is for encryption and JWS is for signing. What I don't seem to be able to find examples of is a payload that is both encrypted and signed. Let's pretend I have a payload hello world. Is the correct…

json encryption jwt jwe jose

asked Oct 11 '18 at 08:17

aroooo

4,726
8
47
81

votes

1 answer

Using node-jose, how do I decrypt the data I just encrypted?

I am trying to implement simple JOSE encrypt and decrypt functions using node-jose. My code is as follows (written using Node 8.2.1) const { JWE } = require('node-jose'); const jose = (publicKey, privateKey) => { async function encrypt(raw) { …

javascript node.js encryption rsa jose

asked Aug 03 '17 at 04:56

Dave Sag

13,266
14
86
134

votes

1 answer

Generate EdDSA 25519 key pair for JOSE/NODEJS

Here is the command I used on ubuntu 20.x to generate key pair of EdDSA 25519 for JOSE/NODEJS (14.16) app: $ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id-ed25519 -C myemail_address Here is the private key generated: -----BEGIN OPENSSH PRIVATE…

jwt jose

asked Mar 25 '21 at 15:33

user938363

9,990
38
137
303

votes

2 answers

When would you use an unprotected JWS header?

I don't understand why JWS unprotected headers exist. For some context: a JWS unprotected header contains parameters that are not integrity protected and can only be used per-signature with JSON Serialization. If they could be used as a top-level…

jwt json-web-token jose json-web-signature

asked Oct 27 '16 at 17:47

markw

votes

2 answers

How can I create a signed JWT using npm Jose and then verify this token?

I am struggling to understand how to use the npm jose module (https://www.npmjs.com/package/jose) to create and verify signed JWT tokens in my Node application. My scenario is this: I want to sign an authenticated request to access a resource. I…

node.js jwt jose

asked Sep 10 '21 at 01:24

tremho

votes

1 answer

Signed and Encrypt from KeyPair string

I'm a newbie in jwt and after read a lot of web pages I've not found examples of how to generate a token (signed and encrypted) with keypairs generated from this website https://mkjwk.org/. I think it can't be very difficult. I think this is the way…

c# .net encryption sign jose

asked Apr 30 '18 at 12:05

AccRpa

votes

1 answer

node jose explanation / example?

I want to use token based authentication with JWT (Signed and encrypted if possible). I use NodeJS in server side. I am trying to use this node-jose module : https://github.com/cisco/node-jose I don't know a lot about generate / store keys &…

javascript node.js key token jose

asked Jan 05 '18 at 00:33

ElJackiste

4,011
5
23
36

votes

1 answer

How to Validate JWT using JWK for ES256 alg?

I have JWT as var signedJwt =…

c# asp.net-core jwt jwk jose

asked Aug 07 '20 at 10:22

Kiran Ramchandra Parab

votes

1 answer

JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size

I am trying to decrypt JWE data from my private key using Nimbus JOSE + JWT. But I am gettin error : JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size Can someone please help me to resole this issue. I am using Java 1.8 My…

java encryption jwe jose

asked Sep 15 '18 at 12:01

Roshanck

2,220
8
41
56

votes

1 answer

Nimbus JOSE JWT Encryption with RSA, Private and Public Key

Having doubts about a concept applied in the sample code named "JSON Web Token (JWT) with RSA encryption" for reference see: http://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-rsa-encryption The sample code delivers an RSAEncrypter…

key rsa jwt nimbus jose

asked Dec 27 '16 at 13:17

Claude Falbriard

votes

1 answer

Which Python JOSE library supports nested JWT (signed+encrypted)?

I looked at python-jose and jose but neither seem to support encrypting a signed JWT. For example, "jose" library supports signing and encrypting separately, without nesting them. Am I missing something, like perhaps it's fairly easy to nest JWTs…

python jwt python-jose jose

asked May 18 '16 at 03:19

Slawomir

3,194
1
30
36

2 3

…

8 9 Next